Thanks for using Paperturn. This policy explains the what, how, and why of the information we collect when you visit our website, or when you use our Services. It also explains the specific ways we use and disclose that information. We value your trust and take your privacy extremely seriously!
Paperturn Service or Service (“Us”, “We”)That’s us! Our Service consists of our website (www.paperturn.com) and all of its associated features, functionalities and interfaces related to online flipbooks and digital publishing.
Any flipbooks, PDFs, images, text, sound and other material that is posted to or accessed via the Paperturn Service.
Data Subject(s) (Also known as “You”, “Users” & “Viewers”)
In most circumstances that’s you, the User, a Paperturn client. You as an individual provide us with your personal data in order to use the services of Paperturn. Data subjects can also be “Viewers” - the people who read and interact with the flipbook Content you create.
In most circumstances, that’s us. We’re the individuals responsible for things like personal data collection in connection with creating an account, collecting consent, managing consent revocation, enabling right to access, etc. In certain circumstances, you as the User can also be a Data Controller when collecting and processing your Viewers’ Personal Data. We refer to these circumstances specifically in Section 7.
The Data Processor is a person or organization who processes your personal data as instructed by us for specific purposes - for example, our accountants, our marketing partners, our cloud service providers etc. In certain circumstances, we can be a Data Processor instead of a Data Controller. We refer to these circumstances specifically in Section 7.
Personal Data (also referred to as “data”)
Any information relating to an identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Information collected automatically through Paperturn (or third-party services employed by Paperturn), which can include: the IP addresses or domain names of the computers utilized by the Users who use Paperturn, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within Paperturn) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
e) Anonymous usage data: Paperturn collects anonymous usage data whenever a User or Viewer interacts with our Service, for example: number of views and downloads, type of device, type of browser, links clicked, geographic location and referral source.
We may use the Personal Information we collect through Paperturn or 3rd party sources for a range of reasons, including:
We legally collect and process your data under the following premises:
If you are a Viewer who has voluntarily submitted Personal Data to one of our Users via these features, and wish to exercise any of your data rights (See Section 11 below), please contact the User directly. Should you contact us, we may remove or update your information within a reasonable time, after providing notice to the User of your request.
We will only retain the Data we process on behalf of our User for as long as needed to provide our Services or to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
Types of personal data Paperturn Users may collect from their Viewers:
The Personal Data collected depends entirely on the fields the User is requesting for the Viewer to fill out; however, examples may include: the Viewer’s email address, full name, company, address, phone number etc. It is important to note that as a Viewer, you are not required to fill out any information, but rather, that submission of your information is voluntary and at your own discretion.
As a User, you should know that your usage of the Viewer’s collected Personal Information is limited to:
facilitating the use of your services;
sending informational or promotional messages;
providing customer support;
providing, supporting, and improving the services you offer.
The 3rd party services contained in this section enable Paperturn to monitor and analyze web traffic & user behavior, as well as to market relevant offers/advertisements.
This type of services makes it possible to manage a database of email contacts. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
Personal Data collected: Personal Data, Usage Data and Cookies.
This type of service allows Paperturn to manage support and contact requests received via email or by other means, such as the chat widget. The Personal Data processed depends on the information provided by the User in the messages and the means used for communication (e.g. email address).
Hetzner is our out-of-house server provider. Any data we store here is on dedicated servers (meaning we are the only company who uses & has access to the servers).
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include: firewalls, data encryption, dedicated servers, physical access controls to our data centers & offices, information access authorization controls, protection against script injection and A+ server SSL ratings.
While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party - Please review their individual privacy policies for more information on their data protection efforts.
10. NOTICE OF BREACH OF SECURITY
Every care is taken to protect your Personal Data from accidental or deliberate incidents that compromise security. In the unfortunate and unlikely event that a security breach causes an unauthorized intrusion into our system that materially affects you, we will notify both you and the relevant supervisory authority about the breach within 72 hours of becoming aware of it. We will also inform you of the steps we’ve taken to remediate the breach at our earliest possible opportunity.
THE RIGHT TO BE INFORMED
You have the right to be provided with information about our data processing activities.
THE RIGHT OF ACCESS
You have the right to know which personal data we collect from you.
THE RIGHT TO ERASURE
You have the right to request the deletion of your personal data.
THE RIGHT TO RESTRICT PROCESSING
You have the right to restrict processing of personal data under certain circumstances. Should you exercise this right, we may not be able to provide a portion or entirety of our services to you.
THE RIGHT TO OBJECT
You have the right to object to the processing of your personal data.
THE RIGHT TO RECTIFICATION
You have the right to rectify any inaccurate or incomplete personal data.
THE RIGHT TO DATA PORTABILITY
Under certain circumstances, you have the right to copy, transfer or move your personal data.
THE RIGHT TO AVOID AUTOMATED DECISION-MAKING
You have the right to be provided with safeguards against automated decision-making. As a responsible service, we do not use any automated decision-making or profiling.
How to exercise your data subject rights under the GDPR
Should you wish to exercise any of your data subject rights under the GDPR, click here. It is important to note that, in some situations, restricting or withdrawing your consent for us to process your data may result in reduced account functioning or inability for us to offer you our Service.
How to update your personal information
You can change or correct your personal / account information with Paperturn at any time by logging in to your Paperturn account & updating your information (*Please note, certain changes may affect the functioning of your account).
How to delete your data from Paperturn
If you’d like to delete all of your data from Paperturn, you should simply delete your account. Please note, this action is irreversible and means you will have to delete your existing account and everything that is stored in your account (flipbooks). Once you delete your Paperturn account, we will take steps to remove your personal data from our systems and from 3rd party processors, within the timeframes stated in Section 6 (“Data Retention”).
How to opt out of email communications from Paperturn
As a Paperturn client, you receive two types of email communication from us - system emails and marketing emails. You can adjust or opt out of receiving marketing emails at any time by clicking on the unsubscribe button at the bottom of the marketing email you receive. Regarding our system emails, you are unable to opt out as they are required legal, payment or system notices in accordance with your use of Paperturn’s Service.
How to opt out of 3rd party processing
13. REPRESENTATION FOR DATA SUBJECTS IN THE UK (UK GDPR)
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please click here.
We provide all of our customers with the opportunity to sign a Data Processing Addendum (DPA) with us. Executing a DPA does not change any of our practices concerning the protection of your privacy and your data. Everyone using our service gets the same high standards of privacy and security. If you require an executed DPA with us, please sign here.
LAST UPDATED: 13.9.2022